gh-95023: Added os.setns and os.unshare to easily switch between namespaces on Linux

Doc/library/os.rst

@@ -569,6 +569,28 @@ process and user.
       See the documentation for :func:`getgroups` for cases where it may not
       return the same group list set by calling setgroups().
 
+.. function:: setns(fd, nstype=0)
+
+   Reassociate thread with a namespace.
+   If *fd* refers to a ``/proc/[pid]/ns/`` link, :func:`setns` reassociates the
+   calling thread with the namespace associated with that link, subject to any
+   constraints imposed by the *nstype* argument (or any if 0).
+   Since Linux 5.8, *fd* may refer to a PID file descriptor obtained from
+   :c:func:`pidfd_open`. In this case :func:`setns` reassociates the calling thread
+   into one or more of the same namespaces as the thread referred to by *fd* subject
+   to any constraints imposed by the *nstype* which is a bit mask specified by ORing together one or more of the ``CLONE_NEW*`` constants. the caller's memberships in unspecified namespaces are left unchanged.
+   *fd* can be any object with a :meth:`fileno()` method, or a raw file descriptor.
+
+   This example reassociates the thread with the ``init`` process' network namespace::
+
+      fd = os.open("/proc/1/ns/net", os.O_RDONLY)
+      os.setns(fd, os.CLONE_NEWNET)
+      os.close(fd)
+
+   .. availability:: Linux 3.0 or newer.
+
+   .. versionadded:: 3.12
+
 .. function:: setpgrp()
 
    Call the system call :c:func:`setpgrp` or ``setpgrp(0, 0)`` depending on
@@ -732,6 +754,37 @@ process and user.
       The function is now always available and is also available on Windows.
 
 
+.. function:: unshare(flags)
+
+   Disassociate parts of the process execution context.
+   The *flags* argument is a bit mask that specifies which parts of the execution
+   context should be unshared. This argument is specified by ORing together zero
+   or more of the ``CLONE_*`` constants.
+   If *flags* is specified as zero, no changes are made to the calling process's
+   execution context.
+
+   .. availability:: Linux 2.6.16 or newer.
+
+   .. versionadded:: 3.12
+
+   .. seealso::
+
+      The :func:`.setns` function.
+
+Flags to the :func:`unshare` function, if the implementation supports them.
+See the Linux manual for the exact effect and availability.
+
+.. data:: CLONE_FS
+          CLONE_FILES
+          CLONE_NEWNS
+          CLONE_NEWCGROUP
+          CLONE_NEWUTS
+          CLONE_NEWIPC
+          CLONE_NEWUSER
+          CLONE_NEWPID
+          CLONE_NEWNET
+          CLONE_NEWTIME
+
 .. _os-newstreams:
 
 File Object Creation

Lib/test/test_posix.py

@@ -2172,6 +2172,35 @@ def test_utime(self):
                 os.utime("path", dir_fd=0)
 
 
+class NamespacesTests(unittest.TestCase):
+    """Tests for os.unshare() and os.setns()."""
+
+    @unittest.skipUnless(hasattr(os, 'unshare'), 'needs os.unshare()')
+    @unittest.skipUnless(hasattr(os, 'setns'), 'needs os.setns()')
+    @unittest.skipUnless(hasattr(os, 'readlink'), 'needs os.readlink()')
+    @unittest.skipUnless(os.path.exists('/proc/self/ns/uts'), 'need /proc/self/ns/uts')
+    @support.requires_linux_version(3, 0, 0)
+    def test_unshare_setns(self):
+        original = os.readlink('/proc/self/ns/uts')
+        original_fd = os.open('/proc/self/ns/uts', os.O_RDONLY)
+        self.addCleanup(os.close, original_fd)
+
+        try:
+            os.unshare(os.CLONE_NEWUTS)
+        except OSError as e:
+            self.assertEqual(e.errno, errno.EPERM)
+            self.skipTest("unprivileged users cannot call unshare.")
+
+        current = os.readlink('/proc/self/ns/uts')
+        self.assertNotEqual(original, current)
+
+        self.assertRaises(OSError, os.setns, original_fd, os.CLONE_NEWNET)
+        os.setns(original_fd, os.CLONE_NEWUTS)
+
+        current = os.readlink('/proc/self/ns/uts')
+        self.assertEqual(original, current)
+
+
 def tearDownModule():
     support.reap_children()
 

Misc/NEWS.d/next/Core and Builtins/2022-07-20-09-04-55.gh-issue-95023.bs-xd7.rst

@@ -0,0 +1 @@
+Implement :func:`os.setns` and  :func:`os.unshare` for Linux. Patch by Noam Cohen

Modules/posixmodule.c

@@ -8588,6 +8588,49 @@ os_pidfd_open_impl(PyObject *module, pid_t pid, unsigned int flags)
 #endif
 
 
+#if defined(__linux__) && defined(HAVE_SETNS)
+/*[clinic input]
+os.setns
+  fd: fildes
+  nstype: int = 0
+
+Allows the calling thread to move into different namespaces.
+[clinic start generated code]*/
+
+static PyObject *
+os_setns_impl(PyObject *module, int fd, int nstype)
+/*[clinic end generated code: output=5dbd055bfb66ecd0 input=c097c9aa123c43ce]*/
+{
+    if (setns(fd, nstype) != 0) {
+        return posix_error();
+    }
+
+    Py_RETURN_NONE;
+}
+#endif
+
+
+#if defined(__linux__) && defined(HAVE_UNSHARE)
+/*[clinic input]
+os.unshare
+  flags: int
+
+Allows a process (or thread) to disassociate parts of its execution context.
+[clinic start generated code]*/
+
+static PyObject *
+os_unshare_impl(PyObject *module, int flags)
+/*[clinic end generated code: output=1b3177906dd237ee input=f8d7bd2c69325537]*/
+{
+    if (unshare(flags) != 0) {
+        return posix_error();
+    }
+
+    Py_RETURN_NONE;
+}
+#endif
+
+
 #if defined(HAVE_READLINK) || defined(MS_WINDOWS)
 /*[clinic input]
 os.readlink
@@ -14930,6 +14973,8 @@ static PyMethodDef posix_methods[] = {
     OS__ADD_DLL_DIRECTORY_METHODDEF
     OS__REMOVE_DLL_DIRECTORY_METHODDEF
     OS_WAITSTATUS_TO_EXITCODE_METHODDEF
+    OS_SETNS_METHODDEF
+    OS_UNSHARE_METHODDEF
     {NULL,              NULL}            /* Sentinel */
 };
 
@@ -15375,6 +15420,41 @@ all_ins(PyObject *m)
 #ifdef SCHED_FX
     if (PyModule_AddIntConstant(m, "SCHED_FX", SCHED_FSS)) return -1;
 #endif
+
+/* constants for namespaces */
+#if defined(__linux__) && (defined(HAVE_SETNS) || defined(HAVE_UNSHARE))
+#ifdef CLONE_FS
+    if (PyModule_AddIntMacro(m, CLONE_FS)) return -1;
+#endif
+#ifdef CLONE_FILES
+    if (PyModule_AddIntMacro(m, CLONE_FILES)) return -1;
+#endif
+#ifdef CLONE_NEWNS
+    if (PyModule_AddIntMacro(m, CLONE_NEWNS)) return -1;
+#endif
+#ifdef CLONE_NEWCGROUP
+    if (PyModule_AddIntMacro(m, CLONE_NEWCGROUP)) return -1;
+#endif
+#ifdef CLONE_NEWUTS
+    if (PyModule_AddIntMacro(m, CLONE_NEWUTS)) return -1;
+#endif
+#ifdef CLONE_NEWIPC
+    if (PyModule_AddIntMacro(m, CLONE_NEWIPC)) return -1;
+#endif
+#ifdef CLONE_NEWUSER
+    if (PyModule_AddIntMacro(m, CLONE_NEWUSER)) return -1;
+#endif
+#ifdef CLONE_NEWPID
+    if (PyModule_AddIntMacro(m, CLONE_NEWPID)) return -1;
+#endif
+#ifdef CLONE_NEWNET
+    if (PyModule_AddIntMacro(m, CLONE_NEWNET)) return -1;
+#endif
+#ifdef CLONE_NEWTIME
+    if (PyModule_AddIntMacro(m, CLONE_NEWTIME)) return -1;
+#endif
+#endif
+
 #endif
 
 #ifdef USE_XATTRS

configure.ac

@@ -4937,6 +4937,9 @@ AC_CHECK_FUNCS(setpgrp,
     [])
 )
 
+# check for namespace functions
+AC_CHECK_FUNCS(setns unshare)
+
 dnl We search for both crypt and crypt_r as one or the other may be defined
 dnl libxcrypt provides <crypt.h> and libcrypt with crypt_r() since
 dnl at least 3.1.1 from 2015.

pyconfig.h.in

@@ -1019,6 +1019,9 @@
 /* Define to 1 if you have the `setlocale' function. */
 #undef HAVE_SETLOCALE
 
+/* Define to 1 if you have the `setns' function. */
+#undef HAVE_SETNS
+
 /* Define to 1 if you have the `setpgid' function. */
 #undef HAVE_SETPGID
 
@@ -1383,6 +1386,9 @@
 /* Define to 1 if you have the `unlinkat' function. */
 #undef HAVE_UNLINKAT
 
+/* Define to 1 if you have the `unshare' function. */
+#undef HAVE_UNSHARE
+
 /* Define if you have a useable wchar_t type defined in wchar.h; useable means
    wchar_t must be an unsigned type with at least 16 bits. (see
    Include/unicodeobject.h). */